Vulnerabilities > Cacti > Cacti > 1.1.23

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2023-39510 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
4.8
4.8
2023-09-05 CVE-2023-39512 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
4.8
4.8
2023-09-05 CVE-2023-39513 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
5.4
5.4
2023-09-05 CVE-2023-39514 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
5.4
5.4
2023-09-05 CVE-2023-39515 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
4.8
4.8
2023-08-10 CVE-2023-37543 Authorization Bypass Through User-Controlled Key vulnerability in Cacti
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php.
network
low complexity
cacti CWE-639
7.5
7.5
2022-12-05 CVE-2022-46169 Incorrect Authorization vulnerability in Cacti
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users.
network
low complexity
cacti CWE-863
critical
 9.8
9.8
2021-11-14 CVE-2020-14424 Cross-site Scripting vulnerability in Cacti
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
network
cacti CWE-79
4.3
4.3
2020-05-20 CVE-2020-13231 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
network
low complexity
cacti fedoraproject CWE-352
6.5
6.5
2020-05-20 CVE-2020-13230 Improper Preservation of Permissions vulnerability in multiple products
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
network
low complexity
cacti debian fedoraproject CWE-281
4.3
4.3